|
|
|
|
|
|
by davis_m
3231 days ago
|
|
|
Remember that many services are running in a cloud computing environment. Attackers can spin up machines right next to those that they are attacking and bypass much of the network related variables. Timing attacks aren't as simple as often presented. Writers often give a set time for checking each character and ignore all other operations in order to make the issue easy to understand, but most people use this to write off the attack altogether. Surely it can't be that simple. It isn't trivial to take advantage of timing attacks remotely, but researchers have shown that they are definitely exploitable. [1][2] [1] https://crypto.stanford.edu/~dabo/papers/ssl-timing.pdf
[2] https://www.blackhat.com/docs/us-15/materials/us-15-Morgan-W... |
|
|
Can they? Do cloud providers typically short circuit routes within their public address space? At least in AWS, this is not the case unless e.g. vpc peering is used.
On second thought, even if the attacker egresses via their internet gateway, the next hop will be pretty close to their victim.